Friday Quicky


Just wanted to share a couple things. First off, I encountered some clever malware.
clever girl
The malware checks whether an audio device is enabled by trying to adjust the volume, and it doesn't run if it can't. Because honestly, who enables audio drivers on their VM?

Other than that, I whipped up a little app in .NET to make use of bitwise operations on text. I'm sick of coding up little scripts in Python or C to do essentially quick transformations.
Noted above is the standard McAfee BUP file, which uses the XOR 0x6A (106 decimal) 'encryption'. A lot of times, I'll encounter malware placing encoded data throughout the OS. This little app helps me decipher it quickly. Download it here: XOR_By. The password is 'lolwut'.
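
The single-byte XOR transform described above, as an added Python example (not the XOR_By app or the author's code): it decodes a buffer with the 0x6A key and recovers an unknown single-byte key from an expected plaintext prefix. The prefix list and the sample data are constructed assumptions.

```python
from typing import Optional

BUP_KEY = 0x6A  # key the post cites for McAfee BUP files (106 decimal)

# Plaintext markers an analyst might expect at the start of decoded data.
# Assumption for this example; the list is not taken from the post.
KNOWN_PREFIXES = (b"MZ", b"[Details]", b"PK\x03\x04", b"%PDF")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key; applying it twice restores the input."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must fit in one byte")
    return bytes(b ^ key for b in data)


def recover_key(data: bytes, prefixes=KNOWN_PREFIXES) -> Optional[int]:
    """Return the one-byte key that turns the start of data into a known prefix."""
    for prefix in prefixes:
        if len(data) < len(prefix):
            continue
        # With a single-byte key, the first byte fixes the only possible key;
        # the remaining prefix bytes confirm or reject it.
        key = data[0] ^ prefix[0]
        if xor_bytes(data[:len(prefix)], key) == prefix:
            return key
    return None


# Constructed sample: plaintext encoded with the key from the post.
SAMPLE_PLAIN = b"[Details]\r\nDetectionName=Constructed.Sample\r\n"
SAMPLE_ENCODED = xor_bytes(SAMPLE_PLAIN, BUP_KEY)

if __name__ == "__main__":
    key = recover_key(SAMPLE_ENCODED)
    print(f"recovered key: {key:#04x}")
    print(xor_bytes(SAMPLE_ENCODED, key).decode("ascii"))
```

A key of 0x00 from `recover_key` means the data already starts with a known prefix and is not encoded.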

That’s all I had for today.

Happy Hacking!
Edited due to censorship
